Adaxes

How to log each group removal in Adaxes script?

0 votes

When using the remove all groups script from your repository. https://www.adaxes.com/script-repository/remove-all-group-memberships-for-a-user-account-s33.htm

I need to have adaxes log each group removal. I have tried $group.Remove($Context.TargetObject.AdsPath) $context.LogMessage("$group was removed from %username%", "Information") And $group.Remove($Context.TargetObject.AdsPath) $context.LogMessage($group+" was removed from %username%", "Information")
What I get in the log is: image.png What am I doing wrong?

by (1.0k points)

1 Answer

+1 vote
by (272k points)

Hello,

You can use the below updated script.

$groupNamesToSkip = @("MyGroup1", "MyGroup2", "Department*") # TODO: modify me

function SkipGroup($patterns, $name)
{
    foreach ($pattern in $patterns)
    {
        if ($name -like $pattern)
        {
            return $True
        }
    }

    return $False
}

# Get all groups user is a direct member of
$groupGuids = $Context.TargetObject.GetEx("adm-DirectMemberOfGuid")

# Get the Primary Group ID
$primaryGroupId = $NULL
if ($Context.TargetObject.DirectoryType -eq 1)
{
    $primaryGroupId = $Context.TargetObject.Get("primaryGroupID")
}

foreach ($groupGuidBytes in $groupGuids)
{
    # Bind to the group
    $groupGuid = New-Object "System.Guid" (,$groupGuidBytes)
    $groupGuid = $groupGuid.ToString("B")
    $groupPath = "Adaxes://<GUID=$groupGuid>"
    $group = $Context.BindToObject($groupPath)

    if ($group.DirectoryType -eq 1)
    {
        # Skip Primary Group
        if ($group.Get("primaryGroupToken") -eq $primaryGroupId)
        {
            continue
        }

        $groupName = $group.Get("sAMAccountName")
    }
    else
    {
        $groupName = $group.Get("name")
    }

    # Skip special groups
    if (($groupNamesToSkip -ne $NULL) -and 
        (SkipGroup $groupNamesToSkip $groupName))
    {
        continue
    }

    # Remove user from the group
    $group.Remove($Context.TargetObject.AdsPath)
    $Context.LogMessage("User %fullname% removed from group $groupName", "Information")
}
0

Thank you works perfectly.

by (1.0k points)

Related questions

0 votes
1 answer
In Adaxes can you apply a powershell script to all users in a specific group?

For instance to execute a powershell script that enable MFA for all member in that group?

asked Jan 27, 2023 by samuel.anim-addo (20 points)
0 votes
1 answer
How to access the Adaxes service account's credentials in a PowerShell script action?

When running a PowerShell script as an action in a custom command, you can set the script to run as a different account and then use the RunAs property in the ... Is there another way to get the Adaxes service account's credentials from within the script?

asked Mar 31, 2022 by KelseaIT (320 points)
0 votes
1 answer
How to implement script to monitor group membership changes.

I'm trying to implement the script on https://www.adaxes.com/script-repository/changes-in-group-membership-including-changes-made-by-3rd-party-tools-s289.htm. I added my ... is set to run hourly on Domain Admins, and Exchange Admin "group" objects. Thanks

asked Feb 26 by stevehalvorson (110 points)
0 votes
0 answers
How to hide the message about the temporary Microsoft 365 password assignment in the execution log?

By default, in hybrid environments, when an on-premises AD object is created in Adaxes within the scope of a Microsoft 365 tenant, Adaxes will create the corresponding ... the Display the temporary password in the Execution Log checkbox. Click OK twice.

asked Nov 16, 2022 by Adaxes (550 points)
0 votes
1 answer
Adaxes Script to Add DHCP Servers to Group

Hello, I am wanting to write a script to have Adaxes add/remove all authorized DHCP Servers in the domain to a certain security group weekly. Dynamically adding and removing ... you have a better soulution then PS, then let me know. Thanks in advance!

asked Feb 8 by NewTechSolutions (20 points)
3,346 questions
3,047 answers
7,782 comments
544,986 users